What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://my.plaid.com', 'difficulty': 'EASY', 'action_type': 'DELETE_DATA', 'instructions': "Visit my.plaid.com and submit a data deletion request specifying that you want all retained financial data — including transaction history and account information — deleted from Plaid's systems. Under CCPA, Plaid must respond within 45 days.", 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': "The FTC's 2022 consent order with Plaid specifically addressed data retention beyond disclosed purposes, and this open-ended retention policy creates direct exposure to consent order violation and FTC Act Section 5 enforcement.", 'complaint_url': 'https://reportfraud.ftc.gov/'}, {'agency': 'CFPB', 'reason': 'CFPB has jurisdiction over retention of nonpublic personal financial data under GLBA and its proposed Personal Financial Data Rights rule under Dodd-Frank §1033.', 'complaint_url': 'https://www.consumerfinance.gov/complaint/'}

What is the severity of this clause?

ConductAtlas classifies this Data Retention Policy clause as high severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Do other platforms have similar clauses?

Yes. ConductAtlas has identified similar Data Retention Policy clauses across approximately 64 other tracked platforms. You can compare how platforms differ on this clause type in the cross-platform comparison view.

Data Retention Policy — Plaid

Share 𝕏 Share in Share 🔒 PDF

What it is

Plaid keeps your financial data — including transaction history and account information — for as long as it judges necessary, including after you stop using connected apps or request disconnection.

Consumer impact (what this means for users)

Consumers who disconnect apps through Plaid or stop using Plaid-powered services may find that their detailed financial transaction history and account data remains stored by Plaid for an indeterminate period under broadly defined retention justifications, creating ongoing exposure risk.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Delete Your Data

Visit my.plaid.com and submit a data deletion request specifying that you want all retained financial data — including transaction history and account information — deleted from Plaid's systems. Under CCPA, Plaid must respond within 45 days.

Cross-platform context

See how other platforms handle Data Retention Policy and similar clauses.

Compare across platforms →

Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Plaid can retain your sensitive financial data indefinitely under broad 'legal, tax, or accounting' justifications, meaning your banking history may persist in Plaid's systems long after you disconnect all apps.

View original clause language

Plaid retains your personal information for as long as necessary to provide our services and as required by applicable law. In some cases, we may retain information for longer periods, such as when we are required to do so for legal, tax, or accounting purposes.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: GLBA Safeguards Rule (16 C.F.R. §314) requires financial institutions to implement data retention and disposal policies proportionate to data sensitivity. CCPA/CPRA §1798.100(a)(3) prohibits retention of personal information beyond what is necessary for the disclosed purpose. GDPR Art. 5(1)(e) storage limitation principle requires personal data to be kept no longer than necessary. FTC's 2022 Plaid consent order specifically addressed retention of financial data beyond disclosed purposes. NIST SP 800-53 provides technical guidance on data retention controls.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

FTC

The FTC's 2022 consent order with Plaid specifically addressed data retention beyond disclosed purposes, and this open-ended retention policy creates direct exposure to consent order violation and FTC Act Section 5 enforcement.
File a complaint →
CFPB

CFPB has jurisdiction over retention of nonpublic personal financial data under GLBA and its proposed Personal Financial Data Rights rule under Dodd-Frank §1033.
File a complaint →

Provision details

Document information

Document

Plaid Terms of Use

Entity

Plaid

Document last updated

April 29, 2026

Tracking information

First tracked

April 27, 2026

Last verified

April 27, 2026

Record ID

CA-P-003488

Document ID

CA-D-00170

Evidence Provenance

Source URL

https://plaid.com/legal/

Wayback Machine

View archived versions →

SHA-256

d237d1c00462e75d5d533b760cfa67756e21b1bc9ca5a561b65efe42daabe732

Verified

✓ Snapshot stored ✓ Change verified

How to Cite

ConductAtlas Policy Archive
Entity: Plaid | Document: Plaid Terms of Use | Record: CA-P-003488
Captured: 2026-04-27 13:43:06 UTC | SHA-256: d237d1c00462e75d…
URL: https://conductatlas.com/platform/plaid/plaid-terms-of-use/data-retention-policy/
Accessed: May 2, 2026

Classification

Severity

High

Data Retention Policy